I’m often asked which employees are most likely to be targeted by phishing emails. It’s interesting to think about, but the truth is that adversaries will target whichever employees can offer access to the enterprise’s network—and that could potentially be anyone in your organization. Recent research from ProofPoint confirmed this, finding that staff-level employees were targeted by phishing attacks more often than middle and executive management.
The takeaway here is that for security awareness to be effective, it needs to include everyone in your organization. Aside from the obvious security necessity, including the entire organization in your security awareness initiatives enhances your program in a number of ways.